National Encryption Policy Looms Large

The realization of a U.S. omnibus national encryption law appears to be moving closer to reality. On June 7 of 2018, a bipartisan group in the house of representatives reinitiated a bill for a national encryption law. This bill was originally initiated back in 2016 but never made it to the house floor for a vote. This bipartisan group also expressed concern about how this might impact consumer privacy and wanted to see a federal omnibus regulation in place that best addressed this issue. The goal of this law was to stop and rescind a growing patchwork of potential state policies that would provide for a mandatory “backdoor” into commercial products and software. Many states within the U.S. are moving forward on policies that would essentially enable one or more backdoors into encrypted data sets. At the top of their well-intended agenda is support for law enforcement on a variety of challenges including, of course, terrorism. This new legislation for a national encryption policy would specifically prohibit states or other local entities from implementing their own legislation and, instead, position one clear and more easily implemented national policy. Despite the government objective of nationally standardized encryption policy in support of law enforcement and counter-terrorist activity, the use by the government of forced disclosure, whether at the state level or the federal level, can move the control of your data into someone else’s hands. Backdoors, or special API’s that access your data at various points of being used within applications, can also easily circumvent basic protection such as “at rest” encryption for your databases. The objective is not to evade legally mandated access to encrypted data. The bigger issue is about control. It is essential that you are notified and fully aware of this pending legal access to your encrypted data. Forced disclosure through third parties, such as your cloud platform and SaaS vendors through a growing list of backdoors, take this right away from you and creates potential liability for you and your customers. This forced third-party access is a significant use case which many of our customers meet through the use of a cloud access security broker (CASB+) and our Zero Trust encryption. Zero Trust end-to-end encryption encrypts all of your data at the enterprise edge before it enters the cloud. Zero Trust encryption protects your data at rest (in the database), in motion (middleware, APIs, and other places where a backdoor might be resident), and in use (also preventing an application backdoor). This level of protection, for example, will not allow anyone using a backdoor into one of your third-party provided cloud applications to access your data without your explicit knowledge and approval. Only your decision to deliver your data encryption keys to a legally requesting party will expose the data. To learn more about CASB+ and our Zero Trust encryption please reach out to us directly via https://www.ciphercloud.com/contact-us. You can also read more about our technology here: https://www.ciphercloud.com/technology.